Difference between revisions of "Virginia"
(→Past Meetings) |
(→Past meetings) |
||
Line 79: | Line 79: | ||
---- | ---- | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Static Analysis Curriculum == | == Static Analysis Curriculum == |
Revision as of 14:11, 19 May 2010
About
The OWASP Washington VA Local Chapter meetings are FREE and OPEN to anyone interested in learning more about application security. We encourage individuals to provide knowledge transfer via hands-on training and presentations of specific OWASP projects and research topics, and by sharing SDLC knowledge. We encourage vendor-agnostic presentations to utilize the OWASP PowerPoint template when applicable, and individual volunteerism to enable perpetual growth. As a 501(c)(3) non-profit association, donations of meeting space or refreshment sponsorship are encouraged; simply contact the local chapter leaders listed on this page to discuss. Prior to participating with OWASP, please review the Chapter Rules.
The chapter is committed to providing an engaging experience for a variety of audience types, ranging from local students and those beginning in app-sec to experienced and accomplished professionals who are looking for competent collaborators for OWASP-related projects. To this end, we will continue to conduct both monthly chapter meetings and out-of-band curricula on application security topics.
OWASP Virginia
Welcome to the Virginia chapter homepage. The chapter leader is John Steven.
Program Committee
The OWASP NoVA Chapter Program Committee aims to:
Actively shepherd speakers and the speaking process within the NoVA chapter in order to assure that chapter meetings provide maximum practical benefit to our constituency.
Benefit the broader OWASP community by creating and supporting a 'preferred speaker' list through explicitly gauging, documenting, and sharing speaker quality data gained through feedback from chapter participants.
In pursuit of this charter, we will elect as many as five program committee members that will, over the course of 2010:
- Create easy-to-apply vetting criteria from existing OWASP chapter guidance and ethics rules.
- Assure that one program committee member applies the vetting criteria to each and every proposed chapter speaker and their material
- Design, document, and implement a chapter participant "speaker survey" / voting mechanism
- Implement a "speaker survey" results display on the OWASP Wiki for the broader OWASP community to consume
- Coordinate with other chapters to set up a 'preferred speaker' list that aggregates data about high-scoring speakers (for the OWASP on-the-move project)
We will be announcing program committee membership shortly.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
- Click here to join local chapter mailing list
- Add January 7th to my Google Calendar
History
The original DC Chapter was founded in June 2004 by Jeff Williams and has had members from Virginia to Delaware. In April 2005 a new chapter, OWASP Washington VA Local Chapter, was formed and the DC Chapter was renamed to DC-Maryland. The two are sister chapters and include common members and shared discourse. The chapters meet in opposite halves of the month to facilitate this relationship.
Locations
If you plan to attend in person:
Directions to Booz Allen's One Dulles facility:
13200 Woodland Park Road Herndon, VA 20171
From Tyson's Corner:
- Take LEESBURG PIKE / VA-7 WEST
- Merge onto VA-267 WEST / DULLES TOLL ROAD (Portions Toll)
- Take the VA-657 Exit (Exit Number 10 towards Herndon / Chantilly)
- Take the ramp toward CHANTILLY
- Turn Left onto CENTERVILLE ROAD (at end of ramp)
- Turn Left onto WOODLAND PARK ROAD (less than 1⁄2 mile)
- End at 13200 WOODLAND PARK ROAD
If you plan to attend via Webinar:
You can attend through OWASPNoVA WebEx
Schedule
Meetings are held the first Thursday of the month.
Next Meeting
DATE: Thursday, June 3rd, 6pm Eastern Daylight Time
LOCATION: Booz Allen Hamilton - 13200 Woodland Park Road Herndon, VA 20171
SPEAKER: TBD
TOPIC: TBD
ABSTRACT: TBD
INSTRUCTIONS: RSVP through Stan Wisseman with “OWASP RSVP” in the subject.
Upcoming Speakers
If you want to present, please contact John, Ben, or Stan. We're very open to hearing from all our members.
Future speakers to include Gunnar Peterson and more.
View the OWASP NoVA Chapter Calendar
Static Analysis Curriculum
- For an introduction to the OWASP Static Analysis (SA) Track goals, objectives, and session roadmap, please see this presentation.
The following is the agenda of the OWASP Static Analysis track roadmap for the Northern Virginia Chapter.
Contacts
Questions related to this curriculum should be sent to John Steven, who is the Northern Virginia chapter leader.
Registration
Estimated classroom size for hands-on sessions: 30 stations max. The physical number of students can be larger, as people may want to pair up, but we may have a hard limit of 40 students.
Registration for sessions will be on a first-come, first-served basis. REGISTRATION IS OPEN!
Please send an email to John Steven with your skill level with Static Analysis tools, your motivation and the dates that you want to sign up for. Students are required to bring their own laptop. We ask students to bring their laptop to the hands-on sessions and to have software such as SSH pre-installed. Basic knowledge about code is also required in all sessions, except the last one.
Student’s prerequisites
All students will need to bring their own laptop
July 9th 6pm-9pm EST
LOCATION: 13200 Woodland Park Road Herndon, VA 20171
TOPIC: "Ounce's O2"
SPEAKER(S): Dinis Cruz, OWASP, Ounce Labs.
PANEL: TBD
INSTRUCTIONS: RSVP through Stan Wisseman with “OWASP RSVP” in the subject.
DESCRIPTION: So what is O2?
Well, in my mind O2 is a combination of advanced tools (Technology) which are designed to be used in a particular way (Process) by knowledgeable Individuals (People).
Think about it as a Fighter Jet that is able to go very fast, has tons of controls, needs to be piloted by somebody who knows what they are doing and needs to have a purpose (i.e. mission).
Basically what I did with O2 was to automate the workflow that I have when I'm engaged on a source-code security review.
Now, here is the catch: this version is NOT for the faint-of-heart. I designed this to suit my needs, which, although they are the same as most other security consultants', have their own particularities :)
The whole model of O2 development is based around the concept of automating a security consultant’s brain, so I basically ensure that the main O2 Developer (Dinis Cruz) has a very good understanding of the feature requirements of the targeted Security Consultant (Dinis Cruz) :) . And this proved (even to my surprise) spectacularly productive, since suddenly I (i.e. the security consultant) didn't have to wait months for new features to be added to my toolkit. If there was something that needed to be added, it would just be added in days or hours.
- View the OWASP NoVA Chapter Calendar
- The next meeting is Thursday, July 9th, 2009.
- Add July 9th to my Google Calendar, Exchange Calendar
Knowledge
The Northern Virginia (NoVA) chapter is committed to compiling resources on interesting and valuable topic areas. We hope that this structure helps you access information pertinent to your tasks at hand as you move through a secure application development life cycle. Currently, our topic areas of focus include activities such as:
- Threat Modeling
- Code Review and Static Analysis with tools
- Penetration Testing and Dynamic Analysis tools
- Monitoring/Dynamic patching (WAFs)
Certain projects our members are involved in cross-cut these activities, providing value throughout. They include:
- ASVS
Contributors and Sponsors
Chapter Leader
- John Steven, with assistance from Paco Hope
Refreshment Sponsors
Facility Sponsors
Flash Talk Resources
Chandu Ketkar on OFS. Download: OFS Presentation.
Jack Mannino on Google and Searching for Personal Information
Jesse Ou on XML Bombs. Download: XML DTD Presentation
Knowledge
On the Knowledge page, you'll find links to this chapter's contributions organized by topic area.